feat(siteinfo): add allow_password_login config

apache · Nov 15, 2023 · b454515 · b454515
1 parent 92911e3
commit b454515
Show file tree

Hide file tree

Showing 6 changed files with 64 additions and 0 deletions.
diff --git a/i18n/en_US.yaml b/i18n/en_US.yaml
@@ -268,6 +268,8 @@ backend:
         other: You cannot modify your role.
       not_allowed_registration:
         other: Currently the site is not open for registration.
+      not_allowed_login_via_password:
+        other: Currently the site is not allowed to login via password.
       access_denied:
         other: Access denied
       page_access_denied:

diff --git a/internal/base/reason/reason.go b/internal/base/reason/reason.go
@@ -92,6 +92,7 @@ const (
 	UserCannotUpdateYourRole         = "error.user.cannot_update_your_role"
 	TagCannotSetSynonymAsItself      = "error.tag.cannot_set_synonym_as_itself"
 	NotAllowedRegistration           = "error.user.not_allowed_registration"
+	NotAllowedLoginViaPassword       = "error.user.not_allowed_login_via_password"
 	SMTPConfigFromNameCannotBeEmail  = "error.smtp.config_from_name_cannot_be_email"
 	AdminCannotUpdateTheirPassword   = "error.admin.cannot_update_their_password"
 	AdminCannotModifySelfStatus      = "error.admin.cannot_modify_self_status"

diff --git a/internal/migrations/migrations.go b/internal/migrations/migrations.go
@@ -93,6 +93,7 @@ var migrations = []Migration{
 	NewMigration("v1.1.2", "add notification config", addNoticeConfig, true),
 	NewMigration("v1.1.3", "set default user notification config", setDefaultUserNotificationConfig, false),
 	NewMigration("v1.2.0", "add recover answer permission", addRecoverPermission, true),
+	NewMigration("v1.2.1", "add password login control", addPasswordLoginControl, true),
 }
 
 func GetMigrations() []Migration {

diff --git a/internal/migrations/v18.go b/internal/migrations/v18.go
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package migrations
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"github.com/apache/incubator-answer/internal/base/constant"
+	"github.com/apache/incubator-answer/internal/entity"
+	"github.com/apache/incubator-answer/internal/schema"
+	"xorm.io/xorm"
+)
+
+func addPasswordLoginControl(ctx context.Context, x *xorm.Engine) error {
+	loginSiteInfo := &entity.SiteInfo{
+		Type: constant.SiteTypeLogin,
+	}
+	exist, err := x.Context(ctx).Get(loginSiteInfo)
+	if err != nil {
+		return fmt.Errorf("get config failed: %w", err)
+	}
+	if exist {
+		content := &schema.SiteLoginReq{}
+		_ = json.Unmarshal([]byte(loginSiteInfo.Content), content)
+		content.AllowPasswordLogin = true
+		data, _ := json.Marshal(content)
+		loginSiteInfo.Content = string(data)
+		_, err = x.Context(ctx).ID(loginSiteInfo.ID).Cols("content").Update(loginSiteInfo)
+		if err != nil {
+			return fmt.Errorf("update site info failed: %w", err)
+		}
+	}
+	return nil
+}
diff --git a/internal/schema/siteinfo_schema.go b/internal/schema/siteinfo_schema.go
@@ -117,6 +117,7 @@ type SiteUsersReq struct {
 type SiteLoginReq struct {
 	AllowNewRegistrations   bool     `json:"allow_new_registrations"`
 	AllowEmailRegistrations bool     `json:"allow_email_registrations"`
+	AllowPasswordLogin      bool     `json:"allow_password_login"`
 	LoginRequired           bool     `json:"login_required"`
 	AllowEmailDomains       []string `json:"allow_email_domains"`
 }

diff --git a/internal/service/user_service.go b/internal/service/user_service.go
@@ -134,6 +134,13 @@ func (us *UserService) GetOtherUserInfoByUsername(ctx context.Context, username
 
 // EmailLogin email login
 func (us *UserService) EmailLogin(ctx context.Context, req *schema.UserEmailLoginReq) (resp *schema.UserLoginResp, err error) {
+	siteLogin, err := us.siteInfoService.GetSiteLogin(ctx)
+	if err != nil {
+		return nil, err
+	}
+	if !siteLogin.AllowPasswordLogin {
+		return nil, errors.BadRequest(reason.NotAllowedLoginViaPassword)
+	}
 	userInfo, exist, err := us.userRepo.GetByEmail(ctx, req.Email)
 	if err != nil {
 		return nil, err